Univention Bugzilla – Bug 43279
Failed to commit objects: WERR_DS_DRA_MISSING_PARENT
Last modified: 2017-05-03 15:37:11 CEST
Runscript 96univention-samba4.inst failed during "Pre-loading the Samba 4 and AD schema" with the following error: Pre-loading the Samba 4 and AD schema A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=org] objects[402/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=org] objects[804/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=org] objects[1206/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=org] objects[1550/1550] linked_values[0/0] Analyze and apply schema objects Partition[CN=Configuration,DC=example,DC=org] objects[402/1646] linked_values[0/0] Partition[CN=Configuration,DC=example,DC=org] objects[804/1646] linked_values[0/0] Partition[CN=Configuration,DC=example,DC=org] objects[1206/1646] linked_values[0/0] Partition[CN=Configuration,DC=example,DC=org] objects[1608/1646] linked_values[0/0] Partition[CN=Configuration,DC=example,DC=org] objects[1646/1646] linked_values[48/0] Partition[DC=example,DC=org] objects[99/99] linked_values[30/0] Failed to commit objects: WERR_DS_DRA_MISSING_PARENT Could not find machine account in secrets database: Failed to fetch machine account password for EXAMPLE from both secrets.ldb (Could not find entry to match filter: '(&(flatname=EXAMPLE)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4575) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO ERROR(<type 'exceptions.TypeError'>): uncaught exception - Failed to process chunk: NT code 0xc000210c File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run return self.run(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 652, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1253, in join_DC ctx.do_join() File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1153, in do_join ctx.join_replicate() File "/usr/lib/python2.7/dist-packages/samba/join.py", line 890, in join_replicate replica_flags=ctx.domain_replica_flags) File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 258, in replicate schema=schema, req_level=req_level, req=req) Setup at the customer: - UCS@School DC Master (with S4) - UCS@School DC Backup (with S4) -> this is where the join error occurred All UCS were installed with UCS 4.1-2 and updated to 4.1-4. After the update one joinscript was outstanding (35ucs-school-import.inst). univention-run-join-scripts results in an error, so the customer decided to join the hole system again (univention-join). This is were the error above occurred. The customer also followed the SDB 1235 with no success. More information and the hole joinscript Ticket#2017010321002705
Bei Samba gibt es dazu diesen Bug: https://bugzilla.samba.org/show_bug.cgi?id=12398 der ist noch nicht gefixed, stellt aber einen Patch bereit.
Is this error reproducible? Can you add the samba logs and run the join with more debug?
added the logs as univention-staff only attachements.
Created attachment 8448 [details] sambabug12398_workaround.patch apt-get install patch patch -d /usr/share/pyshared -p2 < sambabug12398_workaround.patch
Correct fix should be in UCS 4.2 (Samba 4.6).
The workaround seems to work. So, we should release it as erratum for 4.1-4.
Samba rebuilt in errata4.1-4 with workaround patch. Advisory: samba.yaml
Code review: OK Tests (replication, rejoin, ucs-test): OK YAML: OK (Minor update: r79032)
<http://errata.software-univention.de/ucs/4.1/411.html>